Europe-based Alldas is a defacement mirror which lists Web sites that have been cracked into and defaced. It also hosts a copy of the defaced site (a mirror).
The Alldas defacement saw a modified news banner on the left saying: "ALLDAS GOT CRACKED! READ IT HERE". The front page was modified to display a message from the defacer.
According to a statement by Alldas, which ironically mirrored its own defacement, the attacker(s) managed to fool the system into mirroring a defacement that included an image tag pointing to a .php file. After the file was mirrored, it was used to execute commands on the server as an unprivileged user.
A check through the log files revealed that about 339 commands were executed, from 10 different source IP addresses, Alldas said.
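The flaw described above is a mirror that keeps the file name supplied by the page it copies. The following sketch is an added example, not Alldas' code: it shows one way a mirror can store fetched image targets so the name and extension on disk never come from the mirrored site. The function names, the `defaced.example` URL and the sample bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Magic-byte prefixes of the only file types this mirror agrees to keep.
IMAGE_MAGIC = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
    b"\xff\xd8\xff": ".jpg",
}

def sniff_image_ext(data):
    """Pick the extension from the content itself, or None if not an image."""
    for magic, ext in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return ext
    return None

def store_mirrored_asset(data, source_url, mirror_dir):
    """Save the target of an <img> tag; return the stored name, or None.

    source_url is kept only for the caller's records. Its path and
    extension (for example ".php") are never used to name the file.
    """
    ext = sniff_image_ext(data)
    if ext is None:
        return None  # not a recognised image: do not write it at all
    name = hashlib.sha256(data).hexdigest() + ext
    path = os.path.join(mirror_dir, name)
    # 0o644: readable by the web server, never marked executable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return name

def demo():
    """Run two constructed <img> targets, both named logo.php, through the store."""
    script = b"<?php /* constructed sample, no payload */ ?>"
    gif = b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00;"
    url = "http://defaced.example/logo.php"
    with tempfile.TemporaryDirectory() as mirror_dir:
        results = [store_mirrored_asset(script, url, mirror_dir),
                   store_mirrored_asset(gif, url, mirror_dir)]
        return results, sorted(os.listdir(mirror_dir))
```

A file that starts with valid image bytes but carries script text further in still passes the sniff, so the mirror directory should also be served with script handlers disabled; the renaming only guarantees that nothing lands on disk with an executable extension.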
"The actual penetration wasn't really big, although it is kinda embarrassing to get 'defaced' as a defacement mirror," said Alldas' Fredrik in the statement.
The message from the intruder(s) included thoughts on full disclosure: "Defacements are a perfect way to express one's opinion BUT they can cause serious harm as well. As security gets more and more to 'full disclosure' this opens a way for script kiddies to arise.
"Security is not something funny. Nowadays many companies depend on their digital safety and there really are other ways than defacing to point out that security can be broken."
And the parting words from Alldas: "We regret that the attacker didn't inform us about the bug and chose to deface the site with all the consequences that go hand in hand with it."